## The following options are only available if you have
## compiled in S/MIME support

set smime_is_default

# The (default) keyfile for signing/decrypting.
set smime_sign_as="0e64589a.0"

# Path to where all known certificates go. (must exist!)
set smime_certificates="/usr/people/bronski/.smime/certificates"

# Path to where all private keys go. (must exist!)
set smime_keys="/usr/people/bronski/.smime/keys"

# Algorithm to use for encryption.
# valid choices are rc2-40, rc2-64, rc2-128, des, des3
set smime_encrypt_with="des3"

# These are used to extract a certificate from a message.
# First generate a PKCS#7 structure from the message.
set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"

# Extract the included certificate(s) from a PKCS#7 structure.
set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"

# This is used to get a filename for certificates that get stored in the
# above directory
set smime_hash_cert_command="openssl x509 -in %f -noout -hash"

# Encrypt a message. Input file is a MIME entity.
set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"

# Decrypt a message. Output is a MIME entity.
set smime_decrypt_command="openssl smime -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c"

# Sign.
set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -outform DER"

# Verify a signature.
set smime_verify_command="openssl smime -verify -inform DER -in %s -content %f -noverify"